Marriott Data Breach Involved 500 Million Starwood Guest Records

Marriott confirmed that its hotel guest database of about 500 million customers was stolen in a data breach.

Those who have concerns that their data may have been stolen may want to read the announcement that Marriott posted on their website. It includes a list of things Marriott is doing in response to the data breach.

Marriott says that on November 19, 2018, their investigation determined that there was unauthorized access to their guest reservation database, which contained guest information relating to reservations at Starwood properties on or before September 10, 2018. Marriott learned during the investigation that there had been unauthorized access to the Starwood network since 2014.

TechCrunch reported that Marriott said an unknown number of records contained encrypted credit card data, but has “not been able to rule out” that the components needed to decrypt the data wasn’t also taken.

This is a mess! I wouldn’t be surprised if people avoided staying at Starwood brands, or Marriott brands, in the future. Once a company has a data breach of customer’s important information, it becomes extremely difficult to regain the trust of people whose information had been stolen. I also find it troubling that it took four years between when the data breach started and when Marriott found out about it.